package org.apache.http.impl.auth;

import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.message.BufferedHeader;
import org.apache.http.util.CharArrayBuffer;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes.dex */
public abstract class d extends org.apache.http.impl.auth.a {
    private final org.apache.commons.logging.a b;
    private final org.apache.commons.codec.a.a c;
    private final boolean d;
    private final boolean e;
    private a f;
    private byte[] g;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum a {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public d() {
        this(true, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public d(boolean z, boolean z2) {
        this.b = org.apache.commons.logging.b.b(getClass());
        this.c = new org.apache.commons.codec.a.a(0);
        this.d = z;
        this.e = z2;
        this.f = a.UNINITIATED;
    }

    private String a(String str) {
        InetAddress byName = InetAddress.getByName(str);
        String canonicalHostName = byName.getCanonicalHostName();
        return byName.getHostAddress().contentEquals(canonicalHostName) ? str : canonicalHostName;
    }

    @Override // org.apache.http.auth.b
    @Deprecated
    public org.apache.http.d a(org.apache.http.auth.i iVar, org.apache.http.n nVar) {
        return a(iVar, nVar, (org.apache.http.d.e) null);
    }

    @Override // org.apache.http.impl.auth.a, org.apache.http.auth.h
    public org.apache.http.d a(org.apache.http.auth.i iVar, org.apache.http.n nVar, org.apache.http.d.e eVar) {
        HttpHost a2;
        org.apache.http.util.a.a(nVar, "HTTP request");
        switch (this.f) {
            case UNINITIATED:
                throw new AuthenticationException(a() + " authentication has not been initiated");
            case FAILED:
                throw new AuthenticationException(a() + " authentication has failed");
            case CHALLENGE_RECEIVED:
                try {
                    org.apache.http.conn.routing.b bVar = (org.apache.http.conn.routing.b) eVar.a("http.route");
                    if (bVar == null) {
                        throw new AuthenticationException("Connection route is not available");
                    }
                    if (e()) {
                        a2 = bVar.d();
                        if (a2 == null) {
                            a2 = bVar.a();
                        }
                    } else {
                        a2 = bVar.a();
                    }
                    String a3 = a2.a();
                    if (this.e) {
                        try {
                            a3 = a(a3);
                        } catch (UnknownHostException unused) {
                        }
                    }
                    if (!this.d) {
                        a3 = a3 + ":" + a2.b();
                    }
                    if (this.b.a()) {
                        this.b.a("init " + a3);
                    }
                    this.g = a(this.g, a3, iVar);
                    this.f = a.TOKEN_GENERATED;
                    break;
                } catch (GSSException e) {
                    this.f = a.FAILED;
                    if (e.getMajor() == 9 || e.getMajor() == 8) {
                        throw new InvalidCredentialsException(e.getMessage(), e);
                    }
                    if (e.getMajor() == 13) {
                        throw new InvalidCredentialsException(e.getMessage(), e);
                    }
                    if (e.getMajor() == 10 || e.getMajor() == 19 || e.getMajor() == 20) {
                        throw new AuthenticationException(e.getMessage(), e);
                    }
                    throw new AuthenticationException(e.getMessage());
                }
                break;
            case TOKEN_GENERATED:
                break;
            default:
                throw new IllegalStateException("Illegal state: " + this.f);
        }
        String str = new String(this.c.d(this.g));
        if (this.b.a()) {
            this.b.a("Sending response '" + str + "' back to the auth server");
        }
        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(32);
        if (e()) {
            charArrayBuffer.a("Proxy-Authorization");
        } else {
            charArrayBuffer.a("Authorization");
        }
        charArrayBuffer.a(": Negotiate ");
        charArrayBuffer.a(str);
        return new BufferedHeader(charArrayBuffer);
    }

    GSSContext a(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        return createContext;
    }

    @Override // org.apache.http.impl.auth.a
    protected void a(CharArrayBuffer charArrayBuffer, int i, int i2) {
        String b = charArrayBuffer.b(i, i2);
        if (this.b.a()) {
            this.b.a("Received challenge '" + b + "' from the auth server");
        }
        if (this.f == a.UNINITIATED) {
            this.g = org.apache.commons.codec.a.a.b(b.getBytes());
            this.f = a.CHALLENGE_RECEIVED;
        } else {
            this.b.a("Authentication already attempted");
            this.f = a.FAILED;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Deprecated
    public byte[] a(byte[] bArr, String str) {
        return null;
    }

    protected byte[] a(byte[] bArr, String str, org.apache.http.auth.i iVar) {
        return a(bArr, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] a(byte[] bArr, Oid oid, String str, org.apache.http.auth.i iVar) {
        GSSManager f = f();
        GSSContext a2 = a(f, oid, f.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE), iVar instanceof KerberosCredentials ? ((KerberosCredentials) iVar).c() : null);
        return bArr != null ? a2.initSecContext(bArr, 0, bArr.length) : a2.initSecContext(new byte[0], 0, 0);
    }

    @Override // org.apache.http.auth.b
    public boolean d() {
        return this.f == a.TOKEN_GENERATED || this.f == a.FAILED;
    }

    protected GSSManager f() {
        return GSSManager.getInstance();
    }
}
